6009 matches found
Updated drupal package fixes security vulnerabilities
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts CVE-2014-1475. Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...
Updated libmicrohttpd package fixes security vulnerabilities
The MHDhttpunescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service crash via unspecified vectors that trigger an out-of-bounds read CVE-2013-7038. Stack-based buffer overflow in the MHDdigestauthcheck function in...
Updated flash-player-plugin fixes security vulnerabilities
Adobe Flash Player 11.2.202.335 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be used to bypass Flas...
Updated python-jinja2 package fixes two security vulnerabilities
Updated python-jinja2 packages fix security vulnerability: Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...
Updated graphviz packages fix security vulnerabilities
Updated graphviz packages fix security vulnerabilities: Multiple buffer overflow vulnerabilities in graphviz due to an error within the "yyerror" function lib/cgraph/scan.l which can be exploited to cause a stack-based buffer overflow via a specially crafted file CVE-2014-0978 and the acceptance ...
Updated lightdm-gtk-greeter fixes CVE-2014-0979
Updated lightdm-gtk-greeter package fixes security vulnerability: lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdmgreetergetauthenticationuser returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference...
Updated perl-Proc-Daemon package fixes CVE-2013-7135
Updated perl-Proc-Daemon package fixes security vulnerability: It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it CVE-2013-7135...
Updated nss packages fix security vulnerability
Updated nss packages fix security vulnerability: The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509...
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
Updated java-1.7.0-openjdk packages fix security vulnerabilities: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could...
Updated spice packages fix a security vulnerability
Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the redshandleticket function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting...
Updated cups packages fix a security vulverability
Updated cups packages fix security vulnerability: Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions CVE-2013-6891...
Updated libxfont packages fix security vulnerability
Updated libxfont packages fix security vulnerability: It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts BDF could result in the execution of arbitrary code CVE-2013-6462...
Updated net-snmp packages fix CVE-2012-6151
Updated net-snmp packages fix security vulnerability: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to...
Updated memcached package fixes multiple security vulnerabilities
Updated memcached packages fix security vulnerability: It was reported that SASL authentication could be bypassed due to a flaw related to the managment of the SASL authentication state. With a specially crafted request, a remote attacker may be able to authenticate with invalid SASL credentials...
Updated ruby-i18n package fixes security vulnerability
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call CVE-2013-4492...
Updated x11-server package fixes security vulnerability
Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code CVE-2013-6424...
Updated zabbix packages fix two security vulnerabilities
Updated zabbix packages fixes security vulnerability: This update multiples vulnerabilities. - Fix vulnerability for remote command execution injection ZBX-7479, CVE-2013-6824 - Fix SQL injection vulnerability ZBX-7091, CVE-2013-5743 - Fix XSS issues ZBX-6952...
Updated elinks package fixes a security vulnerability
Updated elinks package fixes security vulnerability: When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue...
Updated bind package fixes security vulnerability
Updated bind packages fix security vulnerability: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with t...
Updated openssl package fixes security vulnerabilities
Updated openssl packages fix security vulnerabilities: The DTLS retransmission implementation in OpenSSL through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by...
Updated dcraw and ufraw package fix security vulnerability
Due to flaws in the embedded copy of LibRaw in dcraw and ufraw, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference CVE-2013-1438. The dcraw and ufraw packages have been updated to their newest versions and patched to fix the flaws in the embedded...
Updated nagios package fixes security vulnerability
A flaw was reported and fixed in Nagios, which can be exploited to cause a denial of service. This vulnerability is caused due to an off-by-one error within the processcgivars function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios we...
Updated qt4 package fixes security vulnerability
It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...
Updated openssl package fixes security vulnerability
A flaw was reported for OpenSSL 1.0.1e, that can cause application using OpenSSL to crash when using TLS version 1.2 CVE-2013-6449. Also, a NULL pointer reference issue has been fixed in SSLgetcertificate mga11549...
Updated nodejs package fixes security vulnerabilities
A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...
Updated firefox and thunderbird packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-5609,...
Updated openjpeg package fixes security vulnerabilities
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...
Updated librsvg and gtk+3.0 packages fix security vulnerability
librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference CVE-2013-1881. gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg...
Updated ruby package fixes security vulnerability
Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...
Updated xml-security package fixes security vulnerability
James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures CVE-2013-2172...
Updated cxf, wss4j, and jacorb packages fix security vulnerability
Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a...
Updated libkdcraw packages fix CVE-2013-1438 & CVE-2013-1439
Updated libkdcraw packages fix libraw security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denia...
Updated asterisk packages fix CVE-2013-7100
Updated asterisk packages fix security vulnerability: Buffer overflow in the unpacksms16 function in apps/appsms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified...
Updated chromium-browser-stable fixes multiple vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Pinkie Pie discovered multiple memory corruption issues CVE-2013-6632. Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper CVE-2013-6634. cloudfuzzer discovered use-after-fr...
Updated gnupg package fixes CVE-2013-4576
Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...
Updated apache-mod_nss package fixes CVE-2013-4566
Updated apache-modnss package fixes security vulnerability: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss...
Updated wireshark packages fix two security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The SIP dissector could go into an infinite loop CVE-2013-7112. The NTLMSSP v2 dissector could crash CVE-2013-7114...
Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2013-6420. It was discovered that PHP...
Updated munin packages fixes two security vulnerabilities
Updated munin packages fix security vulnerabilities: The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master CVE-2013-6048. A...
Updated fcron package fixes security vulnerability and init script
fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file CVE-2010-0792. An error in the init script as also been corrected...
Updated python3 and related packages fix security vulnerabilities and prevent an error
Changed behavior of ssl.matchhostname to follow RFC 6125 Also python-virtualenv has had incdir settings altered to avoid "include nested too deeply" error mga11283...
Updated kernel-vserver packages fix security vulnerabilities
This kernel-vserver update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...
Updated kernel-rt packages fix security vulnerabilities
This kernel-rt update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresse...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...
Updated kernel and related packages fix security vulnerabilities
This kernel update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresses,...
Updated flash-player-plugin package fixes vulnerabilities
Adobe Flash Player 11.2.202.332 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to...
Updated samba package fixes multiple vulnerabilities
Updated samba packages fix security vulnerabilities: Samba before 3.6.22 incorrectly allows login from authenticated users if the requiremembershipof parameter of pamwinbind specifies only invalid group names CVE-2012-6150. It was discovered that multiple buffer overflows in the processing of...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...
Updated owncloud package fixes CVE-2013-6403
Updated owncloud package fixes security vulnerability: Possible security bypass on admin page under certain circumstances and MariaDB CVE-2013-6403. The owncloud package has been updated to version 5.0.13, fixing this and many other issues...